Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
version: ImageMagick 7.0.7-1 Q16 x86_64 gcc 7.1
crash link : https://raw.githubusercontent.com/jerryl3e/poc/master/im_poc_1504839414
trigger command : ./magick convert im_poc_1504839414 /dev/null
detail :
root@work:/home/work/fuzzing/ImageMagick-7.0.7-1/utilities# ./magick convert im_poc_1504839414 /dev/null convert: improper image header `im_poc_1504839414' @ error/mpc.c/ReadMPCImage/573. convert: no images defined `/dev/null' @ error/convert.c/ConvertImageCommand/3275. ================================================================= ==128575==ERROR: LeakSanitizer: detected memory leaks Direct leak of 4096 byte(s) in 1 object(s) allocated from: #0 0x7effb74b9920 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde920) #1 0x7effb6b3b336 in AcquireMagickMemory MagickCore/memory.c:464 #2 0x7effb6b3b38a in AcquireQuantumMemory MagickCore/memory.c:537 #3 0x7effb6c6d0ce in AcquireString MagickCore/string.c:136 #4 0x7effb6d97218 in ReadMPCImage coders/mpc.c:228 #5 0x7effb69ce6b0 in ReadImage MagickCore/constitute.c:497 #6 0x7effb69d1597 in ReadImages MagickCore/constitute.c:866 #7 0x7effb62a4242 in ConvertImageCommand MagickWand/convert.c:641 #8 0x7effb639dacd in MagickCommandGenesis MagickWand/mogrify.c:183 #9 0x401a25 in MagickMain utilities/magick.c:149 #10 0x401c9e in main utilities/magick.c:180 #11 0x7effb59c982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s).
Credit:Baidu Security Lab
The text was updated successfully, but these errors were encountered:
https://github.com/ImageMagick/ImageMagick/issues/739
3996316
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.
Sorry, something went wrong.
Please use CVE-2017-14324 for this issue.
No branches or pull requests
version:
ImageMagick 7.0.7-1 Q16 x86_64
gcc 7.1
crash link :
https://raw.githubusercontent.com/jerryl3e/poc/master/im_poc_1504839414
trigger command :
./magick convert im_poc_1504839414 /dev/null
detail :
Credit:Baidu Security Lab
The text was updated successfully, but these errors were encountered: